CFO insight and analysis written and compiled by DeloitteCONTENT FROM OUR SPONSORPlease note: The Wall Street Journal News Department was not involved in the creation of the content below.

Text Size

Regular

Medium

Large

Google+

Print

How Revised AML Manual Could Affect Bank Risk Management Efforts

The recently revised Bank Secrecy Act (BSA)/Anti-money Laundering (AML) Examination Manual, issued by the Federal Institutions Council (FFIEC), could require enhancements to how U.S.-based banks—and some global banks—comply with AML regulations going forward. Frederick Curry, principal, Anti-Money Laundering, Deloitte Transactions and Business Analytics LLP, discusses practical implications of the updated manual, including changes to how large transactions are to be reported to the government, heightened AML risk management around “suspicious activity reporting” and continued oversight role of bank boards.

Fred Curry

Q: In practical terms, what is the FFIEC BSA/AML Examination Manual?

Fred Curry: Broadly, the manual is generally considered the most complete guide to identifying and mitigating risks of money laundering and terrorist financing and is used by bank examiners to evaluate an institution’s compliance with AML and Office of Foreign Assets Control requirements. The manual also helps the industry understand the risks associated with money laundering and terrorist financing in the context of the BSA requirements as amended by the USA Patriot Act. It covers items such as customer identification, customer due diligence and how banks should respond to information requests from law enforcement agencies. Although it is a guide for U.S. examiners to assess U.S. federal and state banks, it is broadly used internationally as a standard on how banks identify and mitigate money laundering risks.

Q: What are some important updates in the revised manual and their intended goal?

Fred Curry: The revised version expands on additional areas of risk that banks should address, such as virtual currency and prepaid access, previously referred to as electronic cash. The update also expands on areas for examiners to focus on, including currency transaction reporting (CTR) and suspicious activity reporting (SAR).

For CTR’s, the U.S. Department of the Treasury, through its Financial Crime Enforcement Network (FinCEN) unit, required that any currency transaction from, through or to a bank totaling more than $10,000 on a business day be reported to the government using a CTR. The updated manual incorporates guidance from FinCEN¹ for banks to aggregate large currency transactions of separately incorporated entities with common ownership as if they were one business and to report on those transactions. For example, if one entity owns five businesses and each business bank account posts a $2,500 currency transaction, the guidance says those five transactions should be aggregated and reported to the government as one large currency transaction to comply with the revised CTR rules. In theory, without the aggregation guidance a business owner could structure a multitude of accounts so none of them reaches the $10,000 currency transaction reporting threshold. The changes essentially tighten the rules and procedures on compliance for large currency transaction reporting.

Q: How does the aggregation guidance affect bank compliance procedures?

Fred Curry: The BSA/AML manual states that “banks are strongly encouraged to develop systems required to aggregate currency transactions throughout the bank.” This requires systemic changes and for banks to identify and link entities that have common ownership structures. That requires banks to review their “know your customer” and transaction monitoring or related systems for CTR filing as well as policies and procedures to make sure they have systemic means to link accounts. Some banks struggle in this area because they look at accounts as single and distinct entities. Banks that have not identified customers in a broad relationship sense and don’t have the ability to link accounts with common ownership likely will have to make technology investments and systemic changes to be in compliance with this requirement. The revised manual also explicitly instructs bank examiners to evaluate whether or not an institution’s technology and human capital resources are consistent with the bank’s risk profile. This addition to the manual is important because, in the aftermath of the financial crisis, some banks reportedly cut back on compliance resources.

Q: How does the revised manual address suspicious activity reporting?

Fred Curry: Suspicious activity reporting is a significant area of the manual and the crux of BSA and USA Patriot Act compliance provisions because it focuses on identifying and reporting on those individuals or groups potentially involved in organized criminal activity, as well as terrorist financing. To add further emphasis on the importance of SAR filing, two topics were added as specific components of effective monitoring and reporting, one focused on “systems to Identify, research, and report suspicious activity,” another on “monitoring and SAR filing on continuing activity.” In addition, the updated manual incorporates the new SAR e-filing requirements and additional guidance was provided on filing SAR’s on continuously suspicious activity. While the 90-day period for supplemental SAR filing continues, the updated guidance allows for up to 30 days to file the SAR, after the 90 day review period has taken place, allowing a maximum deadline of 120 calendar days for supplemental review and SAR filing. The SAR itself serves as the lead and basis of identifying potentially illegal financial transactions. It provides FinCEN with the facts known to the bank regarding who’s doing it, where they are doing it, which banks are involved and the transactions and instruments being used, including involved counterparties. FinCEN in turn allows federal and state law enforcement agencies to access this information which they use to initiate criminal investigations and to trace movements of cash and other suspicious transactions.

Fred Curry: The manual’s updates could bring about changes in financial institutions’ risk strategies with respect to monitoring the activity and mitigating the money laundering risk that can be associated with embassy, foreign consulate and foreign mission accounts as the updated manual incorporates interagency guidance issued in March 2011². Such accounts have been known to be used to launder money as well as hide the proceeds of corruption. The updated manual requires banks to analyze the activity in such accounts to see if it’s consistent with the stated purpose of the account. For example, in an operational expense account the bank should see payroll, rent and utility transactions, not wire transfers, to purchase real estate or pay for students’ education.

Q: What risk management benefits do you see emerging from the revised manual?

Fred Curry: The manual puts forth greater detail on what regulators are expecting around AML compliance. Organizations in the financial services industry are constantly looking to improve operations and practices for managing risk, and the manual continues to be the source, foundation and framework for developing more comprehensive policies, procedures, controls and risk strategies to combat money laundering and related financial crimes. It helps banks identify important areas of risk and details how those risks should be addressed. In the area of suspicious activity, for example, the manual requires banks to have sophisticated monitoring systems that flag unusual transactions. It also says that after identifying problematic accounts a bank should have written policies, procedures and controls that it can follow to escalate a proper response, specifically when and how the bank will exit these accounts and who might be involved in the process—the management committee, BSA or AML steering committee, or the general counsel’s office.

Q: How does the updated manual address the role of a bank’s board?

Fred Curry: With regard to suspicious activity reporting, the updated manual continues to underscore the importance that the board be informed when SARs are filed. It is an important component of the manual because it puts the board in a better position to understand the risks the organization is facing. The number and type of SARs can help the board and senior management understand the organization’s risk profile and whether risk is increasing, decreasing or maintaining its current level. In addition, FinCEN³ recently issued guidance for board and senior management involvement and oversight in a bank’s AML program. The guidance focuses on tone at the top, roles and responsibilities, which include providing requisite resources to compliance functions and confirming employees are properly trained to identify and report suspicious activity. The guidance also states that AML compliance should not be sacrificed by a financial interest in profits. The FinCEN board guidance is an area of governance not included in the manual update, but it could be addressed in the future.

Q: Does the manual address penalties for BSA/AML violations?

Fred Curry: The manual includes a section under Introduction on criminal penalties for money laundering, terrorist financing, and violations of the BSA and civil penalties for violations of the BSA. However, it doesn’t address the ranges of penalties, specifically. But because it provides more detailed guidance and direction around BSA/AML risk and risk management, regulators and law enforcement agencies likely will be less forgiving when they uncover violations. In practice, penalties are proliferating for AML noncompliance. Given the rise in AML-related monetary penalties over the years it is crucial for financial institutions to have an effective compliance program as prosecution considers the strength of an institution’s compliance program when levying penalty and fines.

About Deloitte Insights

Deloitte’s Insights for CFOs provides financial executives a customized resource to help them address the strategic, operational and regulatory issues they face in managing their finance organizations and careers, with top-line digests, research, perspectives and technical analyses.

This copy is for your personal, non-commercial use only. Distribution and use of this material are governed by our Subscriber Agreement and by copyright law. For non-personal use or to order multiple copies, please contact Dow Jones Reprints at 1-800-843-0008 or visit www.djreprints.com.